dotfiles/roles/system/sshd/tasks/main.yml

---
- name: Packages
  ansible.builtin.include_tasks: install.yml
  tags: install

- name: Set sshd systemd unit for Ubuntu
  ansible.builtin.set_fact:
    sshd_unit: ssh
  when: ansible_distribution == "Ubuntu"

- name: Set sshd systemd unit for co-Ubuntu
  ansible.builtin.set_fact:
    sshd_unit: sshd
  when: ansible_distribution != "Ubuntu"

- name: Enable SSH server
  ansible.builtin.service:
    name: "{{ sshd_unit }}"
    enabled: true

- name: Harden the SSH config
  ansible.builtin.template:
    src: templates/10-harden.conf
    dest: /etc/ssh/sshd_config.d/10-harden.conf
    mode: 0600
    owner: root
    group: root
  notify: "Restart SSH server"

- name: Set trusted CA
  ansible.builtin.include_tasks: trusted_ca.yml
  when: sshd.auth.trusted_ca
roles(system/sshd): create SSH server config Signed-off-by: Matej Focko <me@mfocko.xyz> 2023-08-29 11:14:23 +02:00			`---`
			`- name: Packages`
			`ansible.builtin.include_tasks: install.yml`
			`tags: install`

			`- name: Set sshd systemd unit for Ubuntu`
			`ansible.builtin.set_fact:`
			`sshd_unit: ssh`
			`when: ansible_distribution == "Ubuntu"`

			`- name: Set sshd systemd unit for co-Ubuntu`
			`ansible.builtin.set_fact:`
			`sshd_unit: sshd`
			`when: ansible_distribution != "Ubuntu"`

			`- name: Enable SSH server`
			`ansible.builtin.service:`
			`name: "{{ sshd_unit }}"`
			`enabled: true`

			`- name: Harden the SSH config`
			`ansible.builtin.template:`
			`src: templates/10-harden.conf`
			`dest: /etc/ssh/sshd_config.d/10-harden.conf`
			`mode: 0600`
			`owner: root`
			`group: root`
			`notify: "Restart SSH server"`

			`- name: Set trusted CA`
			`ansible.builtin.include_tasks: trusted_ca.yml`
			`when: sshd.auth.trusted_ca`